While there are no overarching guidelines for local governments, there are many ways councils can improve their cybersecurity on their own. And they can do that without spending a lot of money.

We asked the experts at ESET about the top 5 cybersecurity risks facing local councils — and what they can do to protect themselves and their citizens.

Risk #1: They store a lot of sensitive data

Local councils are go-to targets for cybercriminals for a simple reason: they have huge amounts of sensitive data saved on their systems.

On a day-to-day basis, staff log personally identifiable information about the area’s residents, such as their full names, emails, addresses, driver’s licenses, and credit card numbers. Plus, local governments publish a lot of information for public records, which makes it easier for cybercriminals to hack the systems that contain personal information.

The solution: Back up all municipal systems.

It’s essential for councils to routinely back up their systems. That way, if they fall victim to a ransomware attack (or even a server crash), they’ll be able to recover any lost or corrupted data. This applies to employees who use their smartphones or tablets for work reasons, too.

For extra security, aim to maintain two encrypted backups: one on an external hard drive or flash drive, and another on the cloud. By having at least one backup off-site, councils will be safe if a disaster or outage affects the office.

Risk #2: They often use outdated technology and software

Smaller councils tend to have small budgets to match, and can’t invest in the latest and greatest technology. Because of that, they don’t always have the infrastructure to tackle today’s cybersecurity challenges.

The solution: Upgrade computer software.

Some councils may not be able to shell out hundreds or thousands of dollars on new technology, but they can focus on upgrading their software. This is one of the best tools to prevent cyber attacks.

All employees should accept software updates for all their devices as soon as they pop up. They may take a few minutes to download and require you to restart your computer, but they’re worth it. These updates fix security flaws and scan any files and attachments for viruses, making councils less vulnerable to government cyber attacks.

It’s also a good idea to instal a third-party software to block more persistent threats. ESET Secure Business is a great, all-around IT security solution for businesses, while ESET Threat Intelligence Service helps to detect advanced threats and protect against phishing.

Risk #3: They lack IT resources and staff

What’s more, many local councils lack dedicated IT departments. This means they don’t have people committed to identifying new threats, implementing safeguards and protecting the council from cyberattacks.

Instead, those responsibilities are spread across other, non-specialised staff. And with their budgets already under pressure, many councils don’t have the funds to upskill their current staff and train them on the latest cybersecurity developments.

The solution: Get support from IT experts.

The ideal solution is to reallocate financial resources and hire IT workers who are trained in cybersecurity. But that may not always be possible.

In that case, all of the tips we’ve talked about will help councils to overcome their obstacles and strengthen their cybersecurity.

City managers should figure out what they can do in-house to monitor cybersecurity threats, and try tapping into IT resources from other local, state and federal governments to lend a hand.

Risk #4: They don’t educate employees on cybersecurity

Since many councils are working with limited or no IT staff and outdated technology, they’re often seen as easy targets for cybercriminals.

The lack of resources may be out of councils’ control, but they should create a culture around cybersecurity for their employees. This involves making small but measurable changes to their current IT security plan.

The solution: Invest in cybersecurity training.

Councils can amp up their security by teaching their employees how to prevent a data breach.

This involves following three best practices:

• Creating complex passwords, and changing them regularly. To prevent a government data breach, employees should create unique, hard-to-guess passwords for each account or device. Each password should contain a mix of upper and lower case letters, numbers and symbols, and not shared with anyone. Employees should also change their password every 60 to 90 days, and councils should set a limit on the number of times a password can be entered before the system locks the user out.

• Using multi-factor authentication. Even the most unique, random password can be cracked by a talented hacker. That’s why it's important to opt into multi-factor authentication (MFA (News - Alert)), especially if employees are working remotely. This means employees will need to enter their username, password and at least one more piece of additional information — usually a code sent to their phone or email — before they can successfully log in.

• Encrypting files. As part of their jobs, council employees often store and send information via email, instant messages and other forms of digital communication. They can safeguard this data against unauthorised users with the help of encryption. Most computers, laptops and mobile devices have operating systems that fully encrypt stored data, though councils can look into third-party, cloud-based systems, too.

Risk #5: They don’t have a strategy to recover from cyber attacks

Many local councils don’t have a complete picture of their cybersecurity, and where they need to improve. So, the first step is to identify those gaps, and then develop a basic cyber attack prevention plan with the help of the people, processes and technologies they have at hand.

The solution: Make cybersecurity a priority!

With cyber attacks on government agencies on the rise, councils must learn to assess, mitigate and prepare for IT security risks. At the same time, they should have a plan in place to restore critical computer systems and networks as quickly as possible in the event of a cyberattack.

To start, look at the following:

• The types of sensitive data each department collects
• Where that data is stored
• Who has access to it

Then, work through the solutions in this blog — like training employees and installing software updates as they’re released.

Prevent cyber attacks with ESET’s (News - Alert) security software

Cybercriminals are clever, which means that councils need to be more vigilant than ever when it comes to their cybersecurity.

Browse ESET’s security software and get in touch with them to upgrade your security system now.

Author Bio:

About ESET

ESET is a global internet security company, providing threat detection solutions for businesses and consumers in more than 200 countries and territories.